Mozilla ranks dozens of popular ‘smart’ gift ideas on creepiness and security

If you’re planning on picking up some cool new smart device for a loved one this holiday season, it might be worth your while to check whether it’s one of the good ones or not. Not just in the quality of the camera or step tracking, but the security and privacy practices of the companies that will collect (and sell) the data it produces. Mozilla has produced a handy resource ranking 70 of the latest items, from Amazon Echos to smart teddy bears.

Each of the dozens of toys and devices is graded on a number of measures: what data does it collect? Is that data encrypted when it is transmitted? Who is it shared with? Are you required to change the default password? And what’s the worst-case scenario if something went wrong?

Some of the security risks are inherent to the product — for example, security cameras can potentially see things you’d rather they didn’t — but others are oversights on the part of the company. Security practices like respecting account deletion, not sharing data with third parties, and so on.

At the top of the list are items getting most of it right — this Mycroft smart speaker, for instance, uses open-source software and the company that makes it makes all the right choices. Their privacy policy is even easy to read! Lots of gadgets seem just fine, really. This list doesn’t just trash everything.

On the other hand, you have something like this Dobby drone. They don’t seem to even have a privacy policy — bad news when you’re installing an app that records your location, HD footage and other stuff! Similarly, this Fredi baby monitor comes with a bad password you don’t have to change, and has no automatic security updates. Are you kidding me? Stay far, far away.

Altogether, 33 of the products met Mozilla’s recently proposed “minimum security standards” for smart devices (and got a nice badge); 7 failed; and the rest fell somewhere in-between. In addition to these official measures there’s a crowdsourced (hopefully not to be gamed) “creep-o-meter” where prospective buyers can indicate how creepy they find a device. But why is BB-8 creepy? I’d take that particular metric with a grain of salt.